our services

Master Reverse Engineering with Help from Industry Experts

Reverse engineering can reveal tremendous insights, but manual processes consume critical resources. Trail of Bits offers hands-on training to teach you everything you need to know about building reverse engineering tooling to automate analysis. We offer flexible courses on malware analysis and vulnerability research to suit your needs, skills, and availability.

The next public training will be: March 14-17, 2020 at CanSecWest.

"Highly recommend Josh Watson's awesome automation with Binary Ninja training. Amazing class with loads of helpful info and tricks!
Expert Training

What You Will Learn

Our reverse engineering trainings use Binary Ninja, the premiere tool for automated binary analysis, allowing you to accelerate your capabilities with its rich feature set, easy-to-use API, and accessible Intermediate Language (BNIL).

Our in-depth courses focus on malware analysis or vulnerability research, tailored to your needs.

Topics in Reverse Engineering for Malware Analysts include:

  • Deobfuscating strings
  • Recovering obfuscated control flow
  • Fingerprinting interesting behavior
  • Unpacking packed executables

Topics in Reverse Engineering for Vulnerability Researchers include:

  • Building computational models of vulnerabilities
  • Triaging and exploiting different bug classes
  • Developing shellcode payloads
"Overall, the training was awesome. You are literally a walking talking binary ninja API reference, and just getting to pick your brain was an absolute gift. You were engaging, had some really cool demos, and the training was well-laid out."

Reverse Engineering for Vulnerability Researchers

Course material is customized to our clients. This offering, Reverse Engineering for Vulnerability Researchers, is available over four days. All course material is delivered on-site by our expert instructors.

We'll take your reverse engineering skills to the next level. This four-day offering gives researchers the tools to automate bug-hunting tasks in binary applications, then write exploit payloads in C with Binary Ninja. Students will dive deep into Binary Ninja's Python API, automate common analysis tasks, and extend Binary Ninja’s built-in functionality with plugins. Throughout the course, students are exposed to a variety of common exploitable bug classes, and challenged to develop models of those bug classes. At the end of the course, students will be developing these models and applying them to binaries to discover and exploit vulnerabilities in binary code without access to source. Exercises are provided as a friendly Capture the Flag format. Exercises include:

  • Building computational models of vulnerabilities
  • Triaging and exploiting different bug classes
  • Rapid payload development with the Shellcode Compiler

Requirements

Knowledge & Experience

Students must have experience with Python and C; students without this experience will not be successful. C++ experience is useful, but not required.

Students should also have at least a foundational knowledge of an assembly language, as well as reverse engineering concepts.

Equipment

Students should bring a laptop that meets the following requirements:

  • Binary Ninja installed (Personal or Commercial version; the demo version is not sufficient)
  • telnet or netcat
  • IDE of choice (emacs, vim, vscode, notepad++, sublime, etc.)
  • Python 3.7+ (64-bit version only)

Sample Syllabus

Day 1

  • UI overview
  • The Binary Ninja Python API
  • Writing your first plugin
  • Binary Ninja Intermediate Languages (BNIL)
  • Writing analysis with BNIL in Python
  • Bug class: uninitialized variables
  • CTF challenge

Day 2

  • Day 1 review
  • Modeling vulnerabilities
  • Source/sink modeling with Binary Ninja
  • Bug class: command injection
  • CTF challenge

Day 3

  • Day 2 review
  • Bug class: format string vulnerabilities
  • Automating exploit generation
  • CTF challenge

Day 4

  • Day 3 review
  • Constraint solving
  • Bug classes: stack overflows, heap corruption
  • Writing shellcode payloads in C
  • CTF challenge
"Josh displayed deep knowledge of the subject, so regardless of the questions asked, he had no issue fielding them. He's completely approachable and at no point did I feel like I couldn't ask a question or ask for him to re-visit a topic."

Reverse Engineering for Malware Analysts

Course material is customized to our clients. This offering, Reverse Engineering for Malware Analysts, is available over four days. All course material is delivered on-site by our expert instructors.

We'll take your malware reverse engineering skills to the next level. This four-day module provides a toolbox for tackling the advanced techniques that malware uses to hide or obscure its functionality. Students will dive deep into Binary Ninja's Python API to automate most common analysis tasks, and extend Binary Ninja’s built-in functionality with plugins. By the end of the course, analysts will be writing plugins that detect and deobfuscate strings and control flow to make sense of a binary’s functionality, as well as scripting detection routines to identify malicious behavior for batch processing. Exercises include:

  • Deobfuscating strings
  • Recovering obfuscated control flow
  • Fingerprinting interesting behavior
  • Unpacking packed executables

Requirements

Knowledge & Experience

Students must have experience with Python and C; students without this experience will not be successful. C++ experience is useful, but not required.

Students should also have at least a foundational knowledge of an assembly language, as well as reverse engineering concepts.

Equipment

Students should bring a laptop that meets the following requirements:

  • Binary Ninja installed (Personal or Commercial version; the demo version is not sufficient)
  • telnet or netcat
  • IDE of choice (emacs, vim, vscode, notepad++, sublime, etc.)
  • Python 3.7+ (64-bit version only)

Sample Syllabus

Day 1

  • UI overview
  • The Binary Ninja Python API
  • Writing your first plugin
  • Binary Ninja Intermediate Languages (BNIL)
  • Writing analysis with BNIL in Python
  • Cryptographic function detection

Day 2

  • Day 1 review
  • Obfuscated string detection and deobfuscation
  • Types and structures
  • Automating structure recovery, part 1

Day 3

  • Day 2 review
  • Automating structure recovery, part 2
  • Extending existing architectures with an ArchitectureHook
  • Control flow deobfuscation with an ArchitectureHook

Day 4

  • Day 3 review
  • Writing a custom BinaryView
  • Defeating packed executables
"Good instructor, knows his stuff. I found going into each of the assignments that I was picking it up as I worked."

About the Instructor

Josh Watson is Trail of Bits’ resident Binary Ninja expert. He develops and delivers training materials for public and private courses on the reversing platform. Josh has published numerous articles about reverse engineering with the Binary Ninja APIs–-which remain some of the most detailed documentation available–-and released several related open-source plugins and tools. He has made considerable contributions to Ethersplay, Trail of Bits’ EVM disassembler plugin for Binary Ninja.

Josh began his career as a network security patent examiner for the U.S. Patent and Trademark Office. From there, he conducted hands-on work in the Department of Defense, developing tools to support network exploitation operations, and deployed overseas in support of the DOD mission. In late 2013, Josh entered private industry as a vulnerability researcher for Raytheon. He joined Trail of Bits in 2017.

Check out these blog posts by Josh:

Josh has delivered our coursework at top tier conferences and enterprises:

"Josh is without a doubt our most knowledgeable Binary Ninja user. We pay attention very closely to any of his feedback and we couldn’t think of a better third-party instructor to teach about how to use Binary Ninja to solve reverse engineering problems."
Jordan Wiens, Co-Founder, Vector35

FAQ

Who is this training for?

Our advanced technical training helps malware analysts, incident responders, exploit developers, and security researchers with their day-to-day tasks. Our hands-on workshops give your staff the skills to understand how modern attacks are developed and performed.

Can you help me justify this course to my manager?

Yes! Sell the benefits of your attendance, document the costs, then describe the deliverables to your team. Consider sending this sample email to your manager to get started.

What are the requirements to take this course?

Students must have experience with Python and C. C++ experience is useful but not required. Students should also have foundational knowledge of an assembly language, as well as reverse engineering concepts.

Students must bring a laptop that meets the following requirements:

  • Binary Ninja installed (Personal or Commercial version; the demo version is not sufficient)
  • telnet or netcat and an IDE of choice (emacs, vim, vscode, notepad++, sublime, etc.)
  • Python 3.7+ (64-bit version only)

Empower Your Analysts to do More.
Contact Us Today.

At Trail of Bits, we don’t just fix bugs, we fix software. When our research into the depths of code and devices exposes gaps in the market, we engineer tools to close them. Our trainers’ knowledge of the Binary Ninja API and internals is rivaled only by the Binary Ninja core developers.

EXPLORE ADDITIONAL SERVICES